Oppenheimer & Co. CISO: Cloud Adds New Contour to Gateway Monitoring, Botnet Detection

Henry Jiang, the Oppenheimer's chief information security officer, could see the writing on the wall. Seventy percent of Oppenheimer's network traffic is now internet-based, he told a gathering at this week's OpRisk North America conference, and dealing with the bandwidth and infrastructure required to handle that load internally across 28 offices is, in a word, expensive.

Moving to the cloud was the answer, but it created a different problem.

"It was interesting to us how little of our network has anything to do with our own corporate assets or order management system," he said. "So doing this made a lot of sense on a business level; we migrated to cloud in three months and the cost savings — I had to check my math was right twice on this — were 85 to 90 percent, but security was the thing we had to resolve."

Oppenheimer, with about $20 billion under management, was already using Palo Alto Networks as part of its threat detection regime, but began speaking to Jay Chaudhry at startup firm Zscaler to refine its monitoring capabilities. The problem was a quantitative and qualitative one, he says.

"We have a few thousand end-points, but we collect about 25 million events per day across all our cyber platforms, so no single security analytics solution can handle all that, so it's down to what data do you trust?" he says. "Palo Alto generates 13,000 events to check on; with Zscaler, we were able to trim that down to 20 events across 500 users, that we can then correlate back with the other intelligence. For example, Zscaler recently flagged up a malware case that we traced back to 6,000 logs in Palo Alto. And as we've built this out, we found much of it can be automated: once you have a scoring system you can trust, you can use an application like Splunk to create a dynamic rule to block a suspicious internet protocol (IP)."

'Move With It'

Chaudhry's firm, founded in 2008 and serving the likes of Nestle, United Airlines, and the UK's National Health Service, was recently given a 10-figure valuation. It's indicative of how problematic the move to cloud, and to mobile, has been for security at firms of all stripes.

"Your employees are always your weakest link. Eight to 10 percent of machines have botnets infecting them at any given time," he explained. "They sit there quietly and undetected, and today can come in through means as diverse as Javascript or Facebook Lite, and take advantage of the Internet of Things, like connections to appliances like printers or copiers that are there to help the provider know when to bring you replacement toner cartridges, with good intentions but no security built in."

That's just one reason major firms, in finance and elsewhere, are trying to get a better handle on their networks, with more subtle information, as they ride the wave of datacenter consolidation that cloud-based infrastructure has produced.

"You protect at a gateway level, and you can track whether policies around patching, for instance, are being enforced with cloud," Chaudhry told the audience.

"In my experience, it comes down to 'don't trust anything' with this — zero-trust networking is the key. The notion of 'on-off' networks today is silly, and firms are moving to network segmentation as a result, because once you're compromised somewhere, you should assume you're compromised everywhere now. It's a problem because cloud and mobile are also helping users bypass security protocols. Security now must move with it."